How to Resolve the Error "Destination host unreachable" Generated upon a Ping Test on a Windows Virtual Machine

Publication Date: 2015-03-10Views: 5390Downloads: 0

Issue Description

Network is unavailable for a Windows 2003 VM. When a user logs in to the VM and runs a ping test to other IP addresses, the error "Destination host unreachable" is displayed, as shown in Figure 1.
Figure 1 Destination host unreachable

Handling Process

Export the key value of the IPSec module in a normal VM registry, import it into the registry of the VM in question, and restart the IPSec service of the VM in question.

Root Cause

1. Log in to the VM through VNC and analyze the system log of the VM. It is found that the log contains an IPSec error record (as shown in Figure 2). The error shows that the IPSec driver enters the Block mode and discards all packets that are not permitted by the IPSec policy. As a result, the network for the VM is disconnected.

Figure 2 IPSec error record

2. Check the IPSec service. The service is in disabled state. Enabling the service manually returns the error "The system cannot find the file specified."
To resolve this issue, we need to change the key value in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy. However, the VM in question does not have the key value of the IPSec module (as shown in Figure 3) although a normal VM should have such a key value (as shown in Figure 4).

Figure 3 Registry of the VM in question

Figure 4 Registry of a normal VM

It can be concluded that the network unavailability occurs because of a sequence of issues: the key value of the IPSec module in the VM registry is deleted, the IPSec service fails to start normally, and the IPSec driver enters the Block mode.

3. Export the key value of the IPSec module in a normal VM registry, import it into the registry of the VM in question, and restart the IPSec service of the VM in question. Then the network becomes available for the VM in question.